Understanding Threats – The on-going online attack

You don’t need to be a cybersecurity expert to ensure that your business is protected, but it is critical that you understand the online threats to your company’s network. Awareness of key threats will enable you to employ practices and behaviors that limit your company’s risk.
Today’s businesses face several major online threats:

Spam, unsolicited junk email, can be both received and distributed by businesses.

• Opening spam through your work email puts you at risk of contracting computer viruses and malware that is capable of disabling your corporate network or and allowing hackers to view and steal data.
• Distributing spam is another risk.  Specific laws have established requirements for the type of commercial emails you can send to customers and potential customers.

To avoid ramifications from the FTC, all corporate emails to customers must abide by the following guidelines as stated in the CAN-SPAM Act of 2003:

• Do not use false or misleading subject header information
• Do not use deceptive subject lines
• Provide all email recipients with the option to opt off of your distribution list
• Ensure that your opt-off option is still working for at least 30 days after you send an email
• Identify your email as an advertisement and include your valid physical postal address

If you or your employees receive spam, forward it to spam@uce.gov. The FTC uses this database to pursue legal actions against spammers.

Phishing
Phishing attacks usually use fraudulent emails to trick consumers into sharing their personal data, such as Social Security numbers, or financial information (credit card account numbers, user names and passwords, etc.).

• Fraudulent Emails: Phishers trick consumers by sending them emails that appear to be from a reputable company, such as a bank, retailer or credit card company.  These emails include Web links that take consumers to a fake Web site where they enter their personal information.
• Keystroke Programs: Phishers use fraudulent emails to place programs on computers that record every keystroke a consumer types.  Phishers are then able to obtain usernames, passwords and other personal data.
• Website Hijacking: Phishers can take over the Web address of a company and re-direct Web surfers to a fraudulent, but realistic site, which steals consumer information.

• Monitor or register sites with similar spelling to yours.
• Provide your customers with an email address that allows them to validate that an email they receive with your branding is really from you.
• Monitor returned email messages as phishers often may hijack your email address to send bulk emails.
• Log your customer service calls and check for spikes in certain types of complaints such as a password inquiries and changes.
• Check for unusual customer account activity that has large volumes of logins, password changes, purchases, withdrawals, etc.
• Regularly search the Internet for use of your corporate logos.

Viruses and spyware can enter your computer through emails, downloads and clicking on malicious links.

• Viruses can enable hackers to steal valuable corporate, customer or employee information, distribute spam, delete files or crash your entire computer system.
• Spyware programs allow hackers to monitor your online activity and steal passwords, records, and other valuable data.